Mar 11

Apple today released Safari 4.0.5 for Mac (Tiger, Leopard and Snow Leopard) bringing a number of enhancements to Apple’s Internet browser application.

This update is recommended for all Safari users and includes improvements to performance, stability, and security including:

  • Performance improvements for Top Sites
  • Stability improvements for 3rd-party plug-ins
  • Stability improvements for websites with online forms and Scalable Vector Graphics
  • Fixes an issue that prevented Safari from changing settings on some Linksys routers
  • Fixes an issue that prevented some iWork.com users from commenting on documents

For detailed information on the security content of this update, please visit this site: http://support.apple.com/kb/HT1222.

Safari 4.0.5 is available via Software Update and Apple’s Safari download page. The download weighs in at 30.52 MB (Snow Leopard), 38.59 MB (Leopard), 26.78 MB (Tiger).


Feb 21

There are two ways to reset your OS X password without an OS X CD.

First Way “create a new admin account”

  1. Reboot
  2. Hold apple + s down after you hear the chime.
  3. When you get the text prompt, enter these terminal commands to create a brand new admin account (hitting return after each line):
    • mount -uw /
    • rm /var/db/.AppleSetupDone
    • shutdown -h now
  4. After rebooting you should have a brand new admin account. When you login as the new admin you can simply delete the old one and you’re good to go again!

Second way “Resetting or changing your existing password”

If you’ve ever forgotten your user account password in OS X, all you need is to remember your username (you do remember that, right?) and then reboot your computer.

  1. Hold apple + s down after you hear the chime.
  2. sh /etc/rc
  3. passwd yourusername
  4. reboot

P.S. The only major downside to resetting your password this way is that you’ll lose all keychain passwords.


Jan 31

Requirements:

  • Home folder to be encrypted.
  • Don’t need my Time Machine disk to be encrypted

First, make sure your Time Machine setup is functioning properly.
You also need Xcode installed, as this process uses Property List Editor.
(Note: you’ll need to change the process a bit if you use a different property list editor.)

How to do that:

You will need to manually edit the preference file for Time Machine, adding the ID string of your File Vault disk to the list of disks to backup. You can’t do this from within System Preferences or otherwise.
One way of finding the ID string of the disk is to open com.apple.finder.plist, located in your user’s /Library/Preferences folder, and look for the FXRecentFolders item.

One of the entries should contain the name of your home folder (your login name) together with an entry called file-data. If it doesn’t, you need to close the plist and visit your home folder in Finder. This will make it a ‘recent folder,’ and then you can check the file again.

The value of _CFURLAliasData inside file-data is the string we need, including the enclosing < and >. Copy this to the clipboard.

Now, disable Time Machine from within System Preferences, make a back up of com.apple.TimeMachine.plist, located in /Library/Preferences, and then open the original file in Property List Editor. Select IncludedVolumes and click Add Child. Select type Data and paste the string you copied earlier.

(If IncludedVolumes doesn’t exist, select Root and click Add Child. Name the new entry IncludedVolumes and make it type Array. Then do the above.)

Check that the path to your home folder isn’t listed in any of the items ExcludeByPath, ExcludedVolumes, or SkipPaths. Save and quit the editor.
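The manual edit described above, as an added example (not part of the original hint) that uses Python's plistlib in place of Property List Editor. The "name" key inside each FXRecentFolders entry, the function names and the sample data are assumptions made for illustration.

```python
import plistlib

# Keys named in the hint; the home folder path must not appear in any of them.
EXCLUSION_KEYS = ("ExcludeByPath", "ExcludedVolumes", "SkipPaths")


def find_home_alias(finder_prefs, login_name):
    """Return the _CFURLAliasData bytes of the recent folder named login_name."""
    for entry in finder_prefs.get("FXRecentFolders", []):
        # Assumption: the folder name is stored under the key "name".
        if entry.get("name") == login_name:
            return entry.get("file-data", {}).get("_CFURLAliasData")
    return None  # folder not visited recently: open it in Finder and retry


def include_volume(tm_plist, alias, home_path):
    """Add alias to IncludedVolumes; return (new plist bytes, conflicting keys)."""
    prefs = plistlib.loads(tm_plist)
    volumes = prefs.setdefault("IncludedVolumes", [])  # create the array if absent
    if alias not in volumes:  # stay idempotent on repeated runs
        volumes.append(alias)
    home = home_path.rstrip("/")
    conflicts = [
        key for key in EXCLUSION_KEYS
        if any(isinstance(v, str) and v.rstrip("/") == home
               for v in prefs.get(key, []))
    ]
    return plistlib.dumps(prefs), conflicts


# Constructed sample data, not taken from a real machine.
SAMPLE_FINDER = {"FXRecentFolders": [
    {"name": "Documents", "file-data": {"_CFURLAliasData": b"\x00\x01doc"}},
    {"name": "alice", "file-data": {"_CFURLAliasData": b"\x00\x02home"}},
]}
SAMPLE_TM = plistlib.dumps({
    "SkipPaths": ["/Users/alice/"],
    "ExcludeByPath": ["/Users/Shared"],
})

if __name__ == "__main__":
    alias = find_home_alias(SAMPLE_FINDER, "alice")
    updated, conflicts = include_volume(SAMPLE_TM, alias, "/Users/alice")
    print(plistlib.loads(updated)["IncludedVolumes"], conflicts)
```

Any key returned in the conflicts list still excludes the home folder and has to be cleaned up before the backup will include it.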

Select Back Up Now from the Time Machine menu bar extra to start an initial backup.
Note: You may already have a backup of your image file (located in the hidden folder /Users/.username), in which case you will have duplicates. You might want to exclude this from your backup.

When browsing your backup, your unencrypted home folder will be on the Computer level, alongside your startup disk. It is not where it normally is, under /Users, since it is treated like a regular disk.

View Original hint


Jan 19

There is a Security Update 2010-001, which can be downloaded and installed via Software Update preferences, or from Apple Downloads.

Size: 22.4MB

Snow Leopard security update

  • CoreAudio

    CVE-ID: CVE-2010-0036

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in the handling of mp4 audio files. Playing a maliciously crafted mp4 audio file may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Tobias Klein of trapkit.de for reporting this issue.

  • CUPS

    CVE-ID: CVE-2009-3553

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: A remote attacker may cause an unexpected application termination of cupsd

    Description: A use-after-free issue exists in cupsd. By issuing a maliciously crafted get-printer-jobs request, an attacker may cause a remote denial of service. This is mitigated through the automatic restart of cupsd after its termination. This issue is addressed through improved connection use tracking.

  • Flash Player plug-in

    CVE-ID: CVE-2009-3794, CVE-2009-3796, CVE-2009-3797, CVE-2009-3798, CVE-2009-3799, CVE-2009-3800, CVE-2009-3951

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Multiple vulnerabilities in Adobe Flash Player plug-in

    Description: Multiple issues exist in the Adobe Flash Player plug-in, the most serious of which may lead to arbitrary code execution when viewing a maliciously crafted web site. The issues are addressed by updating the Flash Player plug-in to version 10.0.42. Further information is available via the Adobe web site at http://www.adobe.com/support/security/bulletins/apsb09-19.html. Credit to an anonymous researcher and Damian Put working with TippingPoint’s Zero Day Initiative, Bing Liu of Fortinet’s FortiGuard Global Security Research Team, Will Dormann of CERT, Manuel Caballero and Microsoft Vulnerability Research (MSVR).

  • ImageIO

    CVE-ID: CVE-2009-2285

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8

    Impact: Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer underflow exists in ImageIO’s handling of TIFF images. Viewing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. For Mac OS X v10.6 systems, this issue is addressed in Mac OS X v10.6.2.

  • Image RAW

    CVE-ID: CVE-2010-0037

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution

    Description: A buffer overflow exists in Image RAW’s handling of DNG images. Viewing a maliciously crafted DNG image may lead to an unexpected application termination or arbitrary code execution. This issue is addressed through improved bounds checking. Credit to Jason Carr of Carnegie Mellon University Computing Services for reporting this issue.

  • OpenSSL

    CVE-ID: CVE-2009-3555

    Available for: Mac OS X v10.5.8, Mac OS X Server v10.5.8, Mac OS X v10.6.2, Mac OS X Server v10.6.2

    Impact: An attacker with a privileged network position may capture data or change the operations performed in sessions protected by SSL

    Description: A man-in-the-middle vulnerability exists in the SSL and TLS protocols. Further information is available at http://www.phonefactor.com/sslgap. A change to the renegotiation protocol is underway within the IETF. This update disables renegotiation in OpenSSL as a preventive security measure. The issue does not affect services using Secure Transport as it does not support renegotiation. Credit to Steve Dispensa and Marsh Ray of PhoneFactor, Inc. for reporting this issue.


Oct 26

One of the oddities of my computer use style is that I don’t like to have my system go into screensaver or lock automatically very quickly. When I leave the keyboard, I like to be able to activate the screensaver/lock manually. Since I’m also not a fan of active screen corners, I want to be able to do so by keystroke.

Annoyingly, OS X doesn’t let me bind a key to activate the screensaver. There used to be a couple utilities that enabled this, but they haven’t been updated since 10.3.

The screensaver engine itself is an application, but we still need a convenient way to activate it. Enter Quicksilver. Quicksilver’s Triggers let us bind Quicksilver actions (including, conveniently, opening Applications) to keypresses.

So, to create a key to activate your screensaver or lock your system with Quicksilver, follow these simple steps:

  1. Create a Quicksilver trigger to open the screensaver engine. The engine is /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/ScreenSaverEngine.app

    QuickSilver Trigger Window


  2. Bring up the Trigger’s info pane.
  3. Set a key shortcut for the trigger. The combination of options I’ve got selected means that the trigger only goes off if I hold the keys down for three seconds, and Quicksilver brings up a display window to let me know that I’m activating a trigger. Very handy! (Mine’s set to cmd-alt-ctrl-L.)

    quicksilver hotkey window

  4. Don’t forget to go to Leopard -> System Preferences -> Security -> General and check the “require password” checkbox.
